Gitiles
Code Review Sign In
gerrit.opencord.org / roc-helm-charts / c3a50d32ee890f600845bf1cf34c4114f8b69cdf^! / .
commitc3a50d32ee890f600845bf1cf34c4114f8b69cdf[log] [tgz]
authorPrateek Sarda <prateek.sarda@opennetworking.org>Wed Nov 10 12:40:17 2021 +0000
committerPrateek Sarda <prateek.sarda@opennetworking.org>Fri Nov 12 17:09:13 2021 +0000
treee76209092fe7db2d498343ecadb11e7974ad2fe2
parentb8274a0232e2258dccab361f8a600ebc3456ed30 [diff]
enable using KeyCloak as Oauth for Grafana

Change-Id: Ib5b3292802ae37891baae1928c5ce29340b8dcf4

diff --git a/aether-roc-umbrella/Chart.yaml b/aether-roc-umbrella/Chart.yaml
index 06a62fb..815190e 100644
--- a/aether-roc-umbrella/Chart.yaml
+++ b/aether-roc-umbrella/Chart.yaml

@@ -7,7 +7,7 @@
 description: Aether ROC Umbrella chart to deploy all Aether ROC
 kubeVersion: ">=1.18.0"
 type: application
-version: 1.4.43
+version: 1.4.44
 appVersion: v0.0.0
 keywords:
   - aether

diff --git a/aether-roc-umbrella/values.yaml b/aether-roc-umbrella/values.yaml
index ac948a0..4d83d2a 100644
--- a/aether-roc-umbrella/values.yaml
+++ b/aether-roc-umbrella/values.yaml

@@ -190,31 +190,43 @@
     log:
       level: debug
     server:
-      domain: aether-roc-gui
-      root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
+      domain: aether-roc-gui:8183
+      root_url: "%(protocol)s://%(domain)s/grafana/"
       serve_from_sub_path: true
+    security:
+      allow_embedding: true
+    auth:
+     disable_login_form: true
+     oauth_auto_login: true
     auth.anonymous:
+      enabled: false
+      hide_version: false
+# Disabled other auth types for the moment - see aether-roc-gui/docs/grafana.md
+    auth.proxy:
+      enabled: false
+      header_name: X-WEBAUTH-USER
+      header_property: username
+      auto_sign_up: true
+      enable_login_token: true
+    auth.jwt:
+      enabled: false
+      header_name: X-JWT-Assertion
+      username_claim: name
+      email_claim: email
+      jwk_set_url: "https://keycloak.opennetworking.org/auth/realms/master/protocol/openid-connect/certs"
+      cache_ttl: 60m  
+    auth.generic_oauth:
       enabled: true
-      hide_version: true
-# Commented out for the moment - see aether-roc-gui/docs/grafana.md
-#    auth.jwt:
-#      enabled: true
-#      header_name: X-JWT-Assertion
-#      username_claim: name
-#      email_claim: email
-#      jwk_set_url: https://dex.aetherproject.org/dex/keys
-#      cache_ttl: 60m
-#    auth.generic_oauth:
-#      enabled: true
-#      client_id: aether-roc-gui
-##      client_secret: YWV0aGVyLXJvYy1ndWkK
-#      scopes: "openid profile email groups"
-#      empty_scopes: false
-#      auth_url: "http://dex-ldap-umbrella:5556/auth"
-#      token_url: "http://dex-ldap-umbrella:5556/token"
-#      api_url: "http://dex-ldap-umbrella:5556/userinfo"
-#      allowed_domains: opennetworking.org
-#      allow_sign_up: true
+      client_id: aether-roc-gui
+#      client_secret: YWV0aGVyLXJvYy1ndWkK
+      scopes: "openid profile email groups"
+      empty_scopes: false
+      auth_url: "http://k3u-keycloak:5557/auth/realms/master/protocol/openid-connect/auth"
+      token_url: "http://k3u-keycloak:5557/auth/realms/master/protocol/openid-connect/token"
+      api_url: "http://k3u-keycloak:5557/auth/realms/master/protocol/openid-connect/userinfo"
+      allowed_domains: opennetworking.org
+      allow_sign_up: true
+      name: KeyCloak
 
 prometheus-acc:
   pushgateway: